Aurelien Jarno writes ("Re: Bug#963508: /lib/ld-linux.so.2: LD_PRELOAD breaks with plain filename"):
> [stuff]

Thanks for your explanations and sorry for being dense.

> In secure-execution mode, preload pathnames containing slashes are
> ignored. Furthermore, shared objects are preloaded only from the
> standard search directories and only if they have set-user-ID mode bit
> enabled (which is not typical).

Obviously it wouldn't be right for eatmydata to be loaded by actually setuid programs.

Ian Jackson writes ("Re: Bug#963508: /lib/ld-linux.so.2: LD_PRELOAD breaks with plain filename"):
> (As an aside, I'm not sure why it makes sense for apparmor to inhibit
> preloading. I thought apparmor was intended to restrict the
> applications you apply it to, not defend them against their callers.)

So the overall effect is that programs with apparmor profiles are mostly protected from the effects of LD_PRELOAD (and, I assume, LD_LIBRARY_PATH and various other properties of the execution environment).

This doesn't seem correct to me. Is there any documentation giving a rationale for this? Is there a way to change this locally? (Other than creating /etc/suid-debug, which is dangerous.)

Ian.
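
The secure-execution rules quoted in the message above, as an added example that is not part of the thread and not glibc's own code: a small C diagnostic that reads this process's AT_SECURE flag with getauxval() and applies the quoted rules to a candidate LD_PRELOAD list. The function names and the sample list are assumptions made for illustration; the program models the quoted text and does not query the dynamic loader.

```c
/* Added example: models the quoted ld.so(8) secure-execution rules. */
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>

enum verdict { HONOURED, IGNORED_SLASH, NEEDS_SETUID_LIB };

/* Verdict for one preload entry of length len, given the AT_SECURE flag. */
enum verdict classify_preload(const char *entry, size_t len, int at_secure)
{
    if (!at_secure)
        return HONOURED;              /* normal mode: no extra filtering */
    if (memchr(entry, '/', len) != NULL)
        return IGNORED_SLASH;         /* pathnames with slashes are ignored */
    /* Plain name: searched only in the standard directories and loaded
     * only if the object has the set-user-ID mode bit. */
    return NEEDS_SETUID_LIB;
}

/* Walk a space- or colon-separated list; return how many entries are not
 * dropped outright. With verbose set, print one verdict per entry. */
int count_not_dropped(const char *list, int at_secure, int verbose)
{
    static const char *const names[] = {
        "honoured", "ignored (contains slash)",
        "standard dirs only, needs set-user-ID object" };
    int n = 0;

    for (;;) {
        list += strspn(list, " :");           /* skip separators */
        size_t len = strcspn(list, " :");     /* length of next entry */
        if (len == 0)
            break;
        enum verdict v = classify_preload(list, len, at_secure);
        if (verbose)
            printf("%-32.*s %s\n", (int)len, list, names[v]);
        if (v != IGNORED_SLASH)
            n++;
        list += len;
    }
    return n;
}

int main(int argc, char **argv)
{
    /* Constructed sample list; pass a real value as the first argument. */
    const char *list = argc > 1 ? argv[1]
                                : "libeatmydata.so:/opt/example/libdemo.so";
    int secure = getauxval(AT_SECURE) != 0;

    printf("AT_SECURE=%d\n", secure);
    count_not_dropped(list, secure, 1);
    return 0;
}
```

To see the effect discussed in the thread, run it under the same confinement as the affected program: AT_SECURE=1 there means the quoted restrictions apply even though the binary is not set-user-ID.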